How to get multiple characters base addresses with 1 script?

 
ColonelRVH
Posted: Tue Mar 07, 2017 11:28 pm

Here's what I did:

Code:
[ENABLE]
registersymbol(Base_Character_01)
registersymbol(Base_Character_02)
registersymbol(Base_Character_03)
registersymbol(Base_Character_04)
registersymbol(Base_Character_05)
registersymbol(Base_Character_06)
registersymbol(Base_Character_07)

aobscan

label(code)
label(return)
label(returntonormal)

label(Char1)
label(Char2)
label(Char3)
label(Char4)
label(Char5)
label(Char6)
label(Char7)

alloc(Base_Character_01,4)
alloc(Base_Character_02,4)
alloc(Base_Character_03,4)
alloc(Base_Character_04,4)
alloc(Base_Character_05,4)
alloc(Base_Character_06,4)
alloc(Base_Character_07,4)

newmem:

code:
  mov [rcx+0C],eax

  cmp dword [rcx+04],1
  je Char1

  cmp dword [rcx+04],2
  je Char2

  cmp dword [rcx+04],3
  je Char3

  cmp dword [rcx+04],4
  je Char4

  cmp dword [rcx+04],5
  je Char5

  cmp dword [rcx+04],6
  je Char6

  cmp dword [rcx+04],7
  je Char7
  jmp returntonormal

returntonormal:
  mov rbx,[rsp+30]
  jmp return

Char1:
  mov [Base_Character_01],rcx
  jmp returntonormal

Char2:
  mov [Base_Character_02],rcx
  jmp returntonormal

Char3:
  mov [Base_Character_03],rcx
  jmp returntonormal

Char4:
  mov [Base_Character_04],rcx
  jmp returntonormal

Char5:
  mov [Base_Character_05],rcx
  jmp returntonormal

Char6:
  mov [Base_Character_06],rcx
  jmp returntonormal

Char7:
  mov [Base_Character_07],rcx
  jmp returntonormal

GetAllChars:
  jmp newmem
  nop
  nop
  nop
return:
registersymbol(GetAllChars)

[DISABLE]

GetAllChars:
  db 89 41 0C 48 8B 5C 24 30

unregistersymbol(GetAllChars)
unregistersymbol(Base_Character_01)
unregistersymbol(Base_Character_02)
unregistersymbol(Base_Character_03)
unregistersymbol(Base_Character_04)
unregistersymbol(Base_Character_05)
unregistersymbol(Base_Character_06)
unregistersymbol(Base_Character_07)
dealloc(newmem)
dealloc(Base_Character_01)
dealloc(Base_Character_02)
dealloc(Base_Character_03)
dealloc(Base_Character_04)
dealloc(Base_Character_05)
dealloc(Base_Character_06)
dealloc(Base_Character_07)


The problem is either I get characters:
3 and 6
2 and 6
1 and 4
etc. 2 characters' base addresses are right at a time, others switch to some weird addresses. Sometimes I got 3 characters.

I even tried to compare the string for the character name but it ended up the same.

The original instruction did access them all with the same count.

What went wrong?

_________________
Open for Simple Table request, depends on my interest.
Squallviii8
Posted: Wed Mar 08, 2017 1:23 am

If the game allows it, try using a highlight/mouseover pointer. Find a value that all characters share, health, magic or whatever. Then "find what accesses this address". Hover over the character you found the value for and see if anything pops up.
ColonelRVH
Posted: Wed Mar 08, 2017 1:29 am

Still, what went wrong?

Did a fast one, seems not possible with this game.

Last edited by ColonelRVH on Wed Mar 08, 2017 1:35 am; edited 1 time in total
++METHOS
Posted: Wed Mar 08, 2017 1:34 am

Assuming your compares are correct -- since the target is 64bit, try allocating 8 bytes instead of 4:

Code:
alloc(Base_Character_01,8)
alloc(Base_Character_02,8)
alloc(Base_Character_03,8)
alloc(Base_Character_04,8)
alloc(Base_Character_05,8)
alloc(Base_Character_06,8)
alloc(Base_Character_07,8)
ColonelRVH
Posted: Wed Mar 08, 2017 1:40 am

++METHOS wrote:
Assuming your compares are correct -- since the target is 64bit, try allocating 8 bytes instead of 4:

Code:
alloc(Base_Character_01,8)
alloc(Base_Character_02,8)
alloc(Base_Character_03,8)
alloc(Base_Character_04,8)
alloc(Base_Character_05,8)
alloc(Base_Character_06,8)
alloc(Base_Character_07,8)


This is it, now my script works magnificently, thanks a lot.

Can you tell me why though?

And how did you know it's 64bit?

Squallviii8
Posted: Wed Mar 08, 2017 1:58 am

64bit games use the "R" registers (RAX, RBX) and so on. Sorry, but I can't really answer the why to your question. I've never had to allocate more memory on the 64bit games I've played.
Zanzer
Posted: Wed Mar 08, 2017 5:10 pm

64-bit processes use 64-bit addresses. That's 8 bytes to hold the address.
ColonelRVH
Posted: Wed Mar 08, 2017 9:23 pm

Logically speaking, of course.

I still don't get why it didn't work, although 4 bytes worked for other scripts of the same game.

I'm still a beginner at this, can you shed some light?

Zanzer
Posted: Wed Mar 08, 2017 10:03 pm

Let's say the variable's address is at 7FF911223344.
Well, that's a pretty big number. So big that it won't fit within 4 bytes.
So when you only reserve 4 bytes for it, you're losing its actual value.

In your specific case, you're allocating space for multiple addresses in succession.
Since you told CE to only reserve 4 bytes, it is placing the next address 4 bytes after the first.

So when you write the 8 bytes to your first address, everything appears fine.
CE created a larger block of memory than you requested and your instruction used RCX, an 8-byte register.
It successfully fit the entire 8 bytes into Base_Character_01.

The problem comes when you then write the address of Base_Character_02.
Since it starts only 4 bytes after the first, it is actually overwriting half of the previous bytes you were using.

Code:
7FF911223344 == 44 33 22 11 F9 7F
7FF955667788 == 88 77 66 55 F9 7F

44 33 22 11 F9 7F 00 00 // address 1
            88 77 66 55 F9 7F 00 00 // address 2

Now if you tried using Base_Character_01 in CE, it would think its address is 5566778811223344, which is wrong.
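Added example (not part of the thread and not Cheat Engine code): a C simulation of the layout Zanzer describes, assuming the symbols sit back to back at the requested slot size and every store is the 8-byte `mov [Base_Character_NN],rcx`. The `SAMPLE` pointers after the first two are constructed, and all function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample pointers; the first two are the values used in the post. */
static const uint64_t SAMPLE[6] = {
    0x7FF911223344ULL, 0x7FF955667788ULL, 0x7FF999AABBCCULL,
    0x7FF9DDEEFF00ULL, 0x7FF912345678ULL, 0x7FF99ABCDEF0ULL };

/* Model of `mov [Base_Character_NN],rcx`: an 8-byte little-endian store
   into slot idx of a block whose slots start `stride` bytes apart. */
static void store_ptr(uint8_t *block, size_t stride, int idx, uint64_t rcx) {
    for (int b = 0; b < 8; b++)
        block[idx * stride + b] = (uint8_t)(rcx >> (8 * b));
}

/* Read slot idx back as an 8-byte pointer, the way the symbol is used later. */
static uint64_t load_ptr(const uint8_t *block, size_t stride, int idx) {
    uint64_t v = 0;
    for (int b = 0; b < 8; b++)
        v |= (uint64_t)block[idx * stride + b] << (8 * b);
    return v;
}

/* Store n pointers in slot order, then return a bitmask of the slots
   that still read back as the value that was stored in them. */
unsigned intact_mask(size_t stride, const uint64_t *ptrs, int n) {
    uint8_t block[64] = {0};
    unsigned mask = 0;
    for (int i = 0; i < n; i++) store_ptr(block, stride, i, ptrs[i]);
    for (int i = 0; i < n; i++)
        if (load_ptr(block, stride, i) == ptrs[i]) mask |= 1u << i;
    return mask;
}

/* The two-address case from the post: slot 0 as read after slot 1 is written. */
uint64_t slot0_after_slot1(size_t stride) {
    uint8_t block[16] = {0};
    store_ptr(block, stride, 0, SAMPLE[0]);
    store_ptr(block, stride, 1, SAMPLE[1]);
    return load_ptr(block, stride, 0);
}

int main(void) {
    printf("4-byte slots: slot0=%016llX intact=0x%02X\n",
           (unsigned long long)slot0_after_slot1(4), intact_mask(4, SAMPLE, 6));
    printf("8-byte slots: slot0=%016llX intact=0x%02X\n",
           (unsigned long long)slot0_after_slot1(8), intact_mask(8, SAMPLE, 6));
    return 0;
}
```

In this simulation, writing the six slots in order with a 4-byte stride leaves only the last slot intact, because each earlier slot has its upper half replaced by the low half of the next pointer; with an 8-byte stride all six read back correctly.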
ColonelRVH
Posted: Thu Mar 09, 2017 12:37 am

I think I got a grip on it. Thanks a lot, Zanzer.

I guess that's also the reason why it is always able to get character 6 right? (Character 7 actually doesn't exist, I just put it there for future purposes.)
